Re: [Shutup] [ietf-smtp] Levels of proposals
Chris Lewis <ietf@mustelids.ca> Fri, 04 December 2015 22:19 UTC
On 12/04/2015 02:18 PM, Ned Freed wrote:

> We're also getting reports of activities that look like attempts to trick
> MTAs into relay through the use of oddball address formats, some legal,
> some not. Not sure if this is what you're seeing or not.

What you're describing sounds like old-school open relay trickery. Indeed, what you could be seeing is decade or older open relay testers being used to scan for "buggy" open relay prevention.

What I'm seeing isn't that at all. What I see is more like "for everybody I want to spam (address A), pick another address (address B), connect to address B's MX, forge the email to be From: address B, and attempt to get B's MX to relay to address A".

However, it's possible that what I'm seeing would shift gears to more obvious trickery if the first attempt failed. If you see the same IP hitting more normal relay rejects before trying the oddball addresses, it could be.

If you sent me a log record or received string[s] (off-forum please) I can probably tell for sure.
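The log check suggested in the message above (does the same IP hit ordinary relay rejects before trying oddball addresses?) can be sketched as follows; this is an added example, not part of the original message. The log format is constructed, `example.org` stands in for the MX's local domain, "oddball" is assumed to mean percent-hack, bang-path or source-route recipients, and the forged sender is assumed to show up as the envelope sender.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this MX accepts mail for

# Constructed sample in a made-up log format (not any real MTA's):
# <time> <client-ip> from=<envelope sender> to=<recipient> result=<accept|relay-denied>
SAMPLE_LOG = """\
10:00:01 192.0.2.10 from=<bob@example.org> to=<alice@example.net> result=relay-denied
10:00:07 192.0.2.10 from=<bob@example.org> to=<alice%example.net@example.org> result=relay-denied
10:00:09 192.0.2.10 from=<bob@example.org> to=<example.net!alice@example.org> result=relay-denied
10:01:00 198.51.100.7 from=<x@example.com> to=<alice%example.net@example.org> result=relay-denied
10:02:00 203.0.113.5 from=<carol@example.com> to=<bob@example.org> result=accept
"""

LINE = re.compile(r"^(\S+) (\S+) from=<([^>]*)> to=<([^>]*)> result=(\S+)$")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def is_oddball(rcpt):
    """True if the local part carries routing syntax: %-hack, bang path, or an extra @."""
    local = rcpt.rpartition("@")[0]
    return any(c in local for c in "%!@")

def classify(log_text, local_domains=LOCAL_DOMAINS):
    """Return {client_ip: set(labels)} for relay-denied attempts, in log order."""
    plain_reject_seen = set()      # IPs already rejected for a plain relay attempt
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(5) != "relay-denied":
            continue
        ip, sender, rcpt = m.group(2, 3, 4)
        if is_oddball(rcpt):
            label = "escalated-after-plain-reject" if ip in plain_reject_seen else "oddball-only"
            findings[ip].add(label)
        else:
            plain_reject_seen.add(ip)
            # Local sender, external recipient: the "From: address B at B's MX" pattern.
            if domain(sender) in local_domains and domain(rcpt) not in local_domains:
                findings[ip].add("forged-local-sender")
    return dict(findings)

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

An IP labelled `oddball-only` fits the old relay-tester behaviour described in the message, while `forged-local-sender` followed by `escalated-after-plain-reject` fits the "shift gears" case.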